Feeds

Missiles-on-rooftops Brit spy Farr: UK gov can slurp your Facebook, Twitter ... What of it?

It's all 'external comms'... and we don't need a warrant

Website security in corporate America

A top UK spy reckons British intelligence can legally snoop on Brits' Facebook posts and tweets because they’re classed as “external communications” – though he wouldn't confirm outright that his g-men had done so.

Charles Farr, director general of the Office for Security and Counter Terrorism, said that the UK government runs a legal programme of mass surveillance on Facebook, Twitter, Google, YouTube and other site users because everything people said or posted on these sites were external comms based on platforms in the US.

That makes the sites fair game for snooping by the intelligence services under the Regulation of Investigatory Powers Act (RIPA), he said. That law says that internal communications can only be intercepted under a warrant for a specific person or address when there is some suspicion of illegal activities. But external comms can be picked up any time, even when there are no grounds for a warrant.

In practice, Farr said, that means that an email sent by a Google user to a Hotmail user both located in the UK is an internal communication, even though it may have passed through a server in another country. However, searching Google, tweeting, posting things on Facebook and other internet activities that end up stored on any server outside Blighty are classed as "external".

“Within the British Islands, the government has sufficient control and considerable resources to investigate individuals and organisations and it is feasible to adopt an interception regime that requires either a particular person, or a set of premises, to be identified before interception can take place,” Farr said in defence of the policy.

“Outside the British Islands, the government does not have the same ability to identify either relevant individuals or premises… the government is in many cases not aware of the precise location and online identities of members of Al-Qaeda around the world or of cyber criminals, Taleban insurgents, proliferators of weapons of mass destruction or precursor chemicals or of other similar individuals or organisations whose activities pose a threat to national security, the prevention and detection of serious crime or the economic well-being of the United Kingdom.”

The former MI6 man also said that electronic messages over the internet could go by a nearly infinite number of routes, so the only practical thing for the government to do was to slurp as much online info as possible. If the intelligence services happened to hoover up some internal communications accidentally, they could just not look at them without a warrant.

“The only practical way in which the government can ensure that it is able to obtain at least a fraction of the type of communication in which it is interested is to provide for the interception of a large volume of communications and the subsequent selection of a small fraction of those communications for examination by the application of relevant sectors,” he said.

Farr released the policy statement in response to a legal challenge from bodies including Privacy International, Amnesty and the American Civil Liberties Union, following the revelations from US whistleblower Edward Snowden about America’s PRISM surveillance programme and the alleged Brit equivalent Tempora.

The privacy campaigners argue the British government should reveal the full extent of Tempora, since the media has already made public documents about it. But Farr said that the alleged Tempora documents were no different to any other presumed leak, so he was sticking to the government’s policy of neither confirming nor denying them.

“I am not aware of any exceptional circumstances which would justify a departure from the neither confirm nor deny principle in relation to the alleged Tempora interception operation,” he said, adding that all he would say was that if it did exist, it would be legal.

But the campaigners said that by lumping platforms like Facebook, Twitter and YouTube into external comms, the government was denying UK citizens their rights.

“British residents are being deprived of the essential safeguards that would otherwise be applied to their communications - simply because they are using services that are based outside the UK,” Privacy International said in a statement.

It added that the some of the suggestions from Farr about why people shouldn’t be worried were laughable.

Farr said that folks shouldn’t be bothered about whether their communications were slurped up by spooks, only if they were then read or listened to or watched. He also said that even when analysts did happen to violate people’s privacy by accessing their internal communications in error, people shouldn’t worry because they’d probably forget what they saw anyway.

“Such an approach suggests that GCHQ believes it is entitled to indiscriminately intercept all communications in and out of the British Isles,” Privacy International said.

You can see Farr’s full statement hosted on the Privacy International website here (PDF). ®

Internet Security Threat Report 2014

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Bono: Apple will sort out monetising music where the labels failed
Remastered so hard it would be difficult or impossible to master it again
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.